Windows reboots- vulnerability? [SOLVED]

OK, the problem turned out to be system related, and not BT / pentesting related.

I KNOW this forum is about BT... but it's also filled with people who know a lot more about security than I do, and frankly, I didn't know where else to turn. Besides, this IS pentesting, right?

Here's the full story:
I was playing around with Ettercap in Backtrack, trying to get it to capture user/pass info from my other computer (Windows XP), when I discovered that the firewall on that computer was smart enough to 'protect' against spoofing. So I turned it off, to see what would happen. Indeed, Ettercap then worked.

However, soon after that, the PC suddenly, without any warning whatsoever, rebooted (only 'notable' thing about it was a very slight noise coming from the speakers).

I checked again: every time I'd turn the firewall off, the computer would reboot a short moment later. I've turned DMZ off on my router (it was forwarding everything to my PC), and the problem stopped. EDIT: After more tests, it seems that it happens even with the DMZ turned off.

Then I turned DMZ on for my laptop (dual boot Windows XP and BackTrack3), and turned the firewall off there, and this time, nothing happened; laptop kept on running.

So, something must be wrong with my PC. Now, since any changes to the DMZ cause my router to reboot, and since I have a dynamic IP, I doubt that I am 'the' target of some attack... more likely (if this IS an attack), it's set against a whole range of addresses. But the thing I want to know: is this some kind of vulnerability, or just some system screw-up which causes it to reboot (unintentionally)? And, most importantly, how can I try to pinpoint the problem (or better yet, fix it)?

I should also note that I keep my system up to date with all the updates, and I already checked antivirus.

PS. Of course the obvious thing is NOT to turn the firewall off for the time being, but that still leaves something wrong with the system itself.

Check your firewall logs and see what kinds of things are hitting it. Watch the traffic with Wireshark or something similar to see what kinds of packets are hitting your machine. You might find what's doing it.

Other than that, it sounds like you have a flakey machine.

A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

Since I see this is still active, I can safely say that this turned out to be unrelated to network packets. The system still reboots when, for example, the wifi card is turned off, or the router has no WLAN connection.

So despite the initial feeling of "oh shit, I've got a backdoor/exploit/hole in my system", it's a system issue.

Also, whatever is causing this, is also probably responsible for preventing me from running safe mode with networking. It boots up, the friendly "system is now in safe mode bla bla bla" message appears, and after any answer it just hangs there. I can Ctrl-Alt-Del into Task Manager, but that's about it.

/Canned Help Desk Response

Re-install Windows.
